Pwns for Sale: Scythe Prepares a Marketplace for Sharing Simulated Hacks

upstart writes in with an IRC submission for SoyCow1337:

Pwns for sale: Scythe prepares a marketplace for sharing simulated hacks:

Scythe, a software company that spun out of the security-testing company Grimm, has been working for the past few years on a platform that allows corporate information-security teams to build security-testing campaigns-creating "synthetic malware" and crafting phishing campaigns or other attacks that mimic the techniques, tactics, and practices of known threat groups. And unlike some of the automated penetration-testing or threat-simulation products out there, Scythe retains the human in the loop-making it a useful tool to both internal security testers and external "red team" consultants.

Ars has tested earlier versions of the Scythe platform (starting in 2017, when it was still known as Crossbow), wreaking havoc on a set of victim systems in our lab and doing hands-on-keyboard things that a red team would typically do to simulate an attack. The platform allowed for the construction of "malware" that would work only on systems within a specific network-address range tailored to the task and capable of downloading additional modules of functionality once installed. The faux malware is deployable as executable files or dynamic linking libraries, allowing the emulation of more advanced malware attacks. Since it is custom generated, its signature doesn't match known malware; endpoint protection software has to catch its behaviors. (Windows 7's Windows Defender did not catch on, but my limited malware crafting skills were caught by other endpoint systems in custom campaigns I built; the packaged modules did much better in crushing my intentionally limited defenses.)

Read more of this story at SoylentNews.